RE: [ActiveDir] Change Auditor tools

2005-11-11 Thread neil.ruston
Does active admin extend to a 10,000+ user base tho? I have never seen it deployed into a large org before now. In larger orgs, simple setup is less important than is scalability. neil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tim Vander Kooi

RE: [ActiveDir] CertSvc Error

2005-11-11 Thread Harding, Devon
This problem still exists on the CertServer. All DC's are Windows 2003. What else could be done to resolve this? Would I have to uninstall CertSvc and reinstall again? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric Sent:

Re: [ActiveDir] CertSvc Error

2005-11-11 Thread ChuckGaff
It can't hurt to try the uninstall/reinstall approach since that might not be a component that is "upgradable" ... Chuck

Re: [ActiveDir] Track User Disk Space

2005-11-11 Thread ASB
http://www.ultratech-llc.com/KB/?File=DiskSpace.TXT -ASB FAST, CHEAP, SECURE: Pick Any TWO http://www.ultratech-llc.com/KB/ On 11/10/05, Za Vue [EMAIL PROTECTED] wrote: Someone dumped 2 GB of data on a file server since two days ago. This is unlikely and not normal in my environment. What

RE: [ActiveDir] some users do not have allow inheritable permissions set

2005-11-11 Thread Ben D. Kusa
Thanks for the info. It looks like the users were once part of a protected group, I reset the inheritance flag and it holds on the users after that process that runs every hour. Hi Ben, Putting aside AdminSDHolder for a moment... maybe you were looking for the /P:N option

Re: [ActiveDir] CertSvc Error

2005-11-11 Thread steve patrick
This is definitely an upgradeable component. Can you gather the following data: certutil -dstemplate dstemplate.txt certutil -ds ds.txt And make them available ( or email them to me ) thanks steve - Original Message - From: Harding, Devon [EMAIL PROTECTED] To:

RE: [ActiveDir] CertSvc Error

2005-11-11 Thread Bernard, Aric
Definitely upgradeable and uninstall/reinstall is not advisable if you have any amount of certs deployed from the CA. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, November 11, 2005 7:14 AM To: ActiveDir@mail.activedir.org

Re: [ActiveDir] CertSvc Error

2005-11-11 Thread ChuckGaff
True if running in production -- thanks on the feedback of not needing to do a reinstall ... Chuck

RE: [ActiveDir] CertSvc Error

2005-11-11 Thread Bernard, Aric
Was this an upgrade from W2K? What error messages are you receiving on the DC? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, November 11, 2005 8:43 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] CertSvc Error

[ActiveDir] Automatically created replication links

2005-11-11 Thread Rimmerman, Russ
We had one of our remote sites that had an automatically generated (by KCC) replication link have its automatically generated link disappear. Can this happen without anyone physically deleting it? Also, what would cause it to not automatically regenerate itself? It's set up just like all our

RE: [ActiveDir] Automatically created replication links

2005-11-11 Thread Almeida Pinto, Jorge de
The KCC manages auto created links which means it creates and deletes COs according to the then current replication topology. If it is the KCC's opinion it should delete the CO it will. This may happen if the repl. top. changes which can be new links, new DCs, etc. One way to force generation

RE: [ActiveDir] Automatically created replication links

2005-11-11 Thread Rimmerman, Russ
What if we think it should have left that replication link there so we don't have to wait hours for our AD data to replicate overseas? Do we have to just manually create the replication link after it decided to delete it without

RE: [ActiveDir] Automatically created replication links

2005-11-11 Thread David Adner
By default, the KCC will try not to create redundant CO's. So if you're describing a desire to have your DC maintain 2 CO's to two different hub locations, for example, then the KCC won't do that. You can adjust this behavior via a

RE: [ActiveDir] CertSvc Error

2005-11-11 Thread Harding, Devon
Well all the CAs were backed up before the uninstall. And no this did not resolve the issue. When the service is restarted, it states that none of the policies could be loaded; one Event ID 77 warning for each template, like so: Event Type: Warning Event Source:

RE: [ActiveDir] CertSvc Error

2005-11-11 Thread Harding, Devon
This WAS an upgrade from W2K From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric Sent: Friday, November 11, 2005 11:49 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] CertSvc Error Was this an upgrade

RE: [ActiveDir] CertSvc Error

2005-11-11 Thread Bernier, Brandon (.)
besides uninstalling the CA and going through all the issues around that, why don't you blow away the templates? If you run certtmpl.msc after it will ask "This is the first time you have opened Certificate Templates, would you like to publish them in Active Directory?" say yes and then you

RE: [ActiveDir] Automating NoMas

2005-11-11 Thread deji
sent. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCT Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf

RE: [ActiveDir] CertSvc Error **RESOLVED**

2005-11-11 Thread Harding, Devon
When I logged on to the CertServ as a Domain Admin in my child domain and ran certtmpl.msc, it said I needed to be a Domain Admin and Enterprise Admin to publish new templates. I was an Enterprise Admin, but not a part of the Domain Admins group in the root domain. I then Logged on as a

RE: [ActiveDir] CertSvc Error **RESOLVED**

2005-11-11 Thread Bernier, Brandon (.)
you should be able to. I believe it only restores the CA database and since the templates are published in AD, they should be left alone. But, I've never done this so please triple guess me. -Brandon From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon Sent:

[ActiveDir] dumping DL permissions

2005-11-11 Thread Creamer, Mark
One of our Exchange account admins wants to know if there is a tool that would dump a list of the name of each distribution list in the GAL along with who has the ability to add or remove members on each one. Would I approach this with a script or is there a tool I should point him

RE: [ActiveDir] dumping DL permissions

2005-11-11 Thread Brian Desmond
Dumping all the DLs is easy. Something like adfind from joeware.net would do the trick. I'd just query for groups with mail=* since you can have mail enabled security groups. The ACLs, I think adfind decodes ACLs, but, you'll still need to parse this information into something useable.

RE: [ActiveDir] dumping DL permissions

2005-11-11 Thread joe
Yep adfind will dump the ntsecuritydescriptor and decode it if you specify the attribute and add the -sddc option. Note it will be in SDDL format which is probably one of the easier formats for scripting but worse for reading. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of

RE: [ActiveDir] dumping DL permissions

2005-11-11 Thread Creamer, Mark
Thanks Joe Brian, Time to take the feet down off the desk againK MC From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Friday, November 11, 2005 4:13 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] dumping DL permissions Yep adfind

RE: [ActiveDir] dumping DL permissions

2005-11-11 Thread Creamer, Mark
GASP Joeware.net is suddenly blocked by SurfCONTROL. Not kidding unfortunately sigh Must be that opening pic. :-/ Oh well, thank God for my super top secret testing DSL connection so I can get to the usage documentation again. Now where the heck is that surf admin

RE: [ActiveDir] dumping DL permissions

2005-11-11 Thread joe
Interesting. Is that controlled locally or is that some blacklist service type item? I am digging around also. I think with some small mods, the script I wrote for dumping ACLs for AD objects for AD3E could be used for this to generate a CSV with DLs and their perms. It could probably

RE: [ActiveDir] dumping DL permissions

2005-11-11 Thread Brian Desmond
I think they have a subscription type thing. The WebSense at work tells you what the site is blocked under usually. Does SurfControl do that? If I had to make a guess, I'd say somebody reported your postcard: Adult/Sexually Explicit Adult products including sex

RE: [ActiveDir] dumping DL permissions

2005-11-11 Thread Creamer, Mark
It's a filtering program that we use attached to ISA server. Basically it looks at each request and lets it through or redirects to our AUP internal web page. I was on joeware.net earlier this week, and it didn't block me. So I just went to www.surfcontrol.com (Test a Site link) to make

RE: [ActiveDir] dumping DL permissions

2005-11-11 Thread deji
I usually just look at the managedby attrib of any object where objectclass='group'. If the attrib is populated, I then fetch that value and dump it along with the displayname of the DL. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCT Microsoft MVP - Directory Services www.readymaids.com - we

Re: [ActiveDir] scripting file move issue(OT)

2005-11-11 Thread Tom Kern
Ok, I'm a scripting retard. I can't seem to figure out how to write this- the script should check the source dir which has many subdirs and look for files with an .eml extension (recursively in all the sub dirs) and then copy them to the target dir but making sure the file count is less than a

RE: [ActiveDir] dumping DL permissions

2005-11-11 Thread Brian Desmond
People can have the right to change DL membership through the ACL without that managed by attribute so far as I know. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent:

RE: [ActiveDir] scripting file move issue(OT)

2005-11-11 Thread Brian Desmond
Well, you'll need a recursive function to do the tree walking. It will need to take the path it should start in, and then it will call itself for each directory in the supplied path. Here's some pseudo code, sorry I'm dead tired this week, so unless someone translates this, you'll have to

RE: [ActiveDir] dumping DL permissions

2005-11-11 Thread deji
Good point, Brian. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCT Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL

Re: [ActiveDir] CertSvc Error **RESOLVED**

2005-11-11 Thread steve patrick
Depends - If the backup was made on a DC which was the CA - and it is a System State backup ( recommended method for CA's ) then Yes If the backup was made on a DC which was the CA - and it is the CA database and key(s) then no. If the backup was made on a member server CA - no. BTW here

Re: [ActiveDir] CertSvc Error **RESOLVED**

2005-11-11 Thread steve patrick
clarification added to my Yes and No answers... - Original Message - From: steve patrick To: ActiveDir@mail.activedir.org Sent: Friday, November 11, 2005 3:29 PM Subject: Re: [ActiveDir] CertSvc Error **RESOLVED** Depends - If the backup was

[ActiveDir] OT: AD Manpower Needs

2005-11-11 Thread David Aragon
We have just had a major change in Upper Management and I have been given a rather rare opportunity. As the EA, I have been asked if I need to hire more people to better manage the AD environment. My immediate answer was YES! Then I got the bad news, my answer needs to have supporting documentation

RE: [ActiveDir] OT: AD Manpower Needs

2005-11-11 Thread Brian Desmond
Desk, Workstation, Access Codes, Telephone, Badge ... what else could they possibly need? I've yet to get a job where I'm given an industry standard 35 manhours of work and 5 manhours of lunch per week. Let me know if you're hiring one of those. I may be interested. Thanks, Brian Desmond [EMAIL

Re: [ActiveDir] OT: AD Manpower Needs

2005-11-11 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
I'll find the threads and send them to you but on another listserve there was just this discussion of how many IT people per network not necessarily AD though. The answer was . It depends. It depended on your industry, regulation, needs, software. Would management stop looking for

Re: [ActiveDir] OT: AD Manpower Needs

2005-11-11 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
SecurityFocus: http://www.securityfocus.com/archive/132/415186/30/30/threaded Look for the threads regarding IT Department Size Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote: I'll find the threads and send them to you but on another listserve there was just this discussion of how many

RE: [ActiveDir] dumping DL permissions

2005-11-11 Thread Derek Harris
We've been using SurfControl, but I'm in the process of switching to Websense, because SurfControl does flaky things like this a little too frequently. It inappropriately blocks or allows access to sites, even though they are correctly categorized. Restart the SurfControl Webfilter service,

RE: [ActiveDir] OT: AD Manpower Needs

2005-11-11 Thread David Adner
I'd focus less on industry standards, despite that being what mgmt asked for, and instead try to quantify what you actually need and how it would benefit the org (ie: save money in the end, speed things up, improve dependability, etc). For example, you might say Projects A, B, C and D are on hold

RE: [ActiveDir] OT: AD Manpower Needs

2005-11-11 Thread deji
For staffing requirement, you'd want to model your needs against Best Practices of AD operations and delegation, especially if you are being asked for industry standards. If you do that, you'd want to read: http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/act